Saturday, September 26, 2009

This write-up is not related to information security, but it is good-to-know information. There are three tricks in all:

1. FastFlip through articles: Google recently launched a new service: FastFlip, which can help you read online pages just as you flip through a magazine. These pages are indexed by the Google bot from many Google partner websites and presented to you for a quick read. You also have an option to choose the stuff you read by logging in to your account and customizing the application.

2. Play Monopoly with Google Maps: This can be a leisure activity on those days when you do not have anything that’s fun to do. Google has teamed up with the world’s largest Monopoly board game manufacturer (!), so that you can use Google Maps as a board for Monopoly. The rules are similar to what we normally play. You initially get paid out 3 million Monopoly dollars (!) to play.

3. Search real-time indexed pages on Google: So, you wish to keep up with your favorite web site as soon as Google has indexed its recently updated/added page? You can now do so using a parameter that we observed recently. This parameter is tbs=qdr:

You can get results with a second’s delay, i.e., after the page has been indexed! According to us, ‘tbs’ stands for ‘to be scanned’ and ‘qdr’ stands for ‘query data range’! This might not be the true meaning. It can take the following units – s (second), n (minute. We don’t know why they do not have a m instead), h (hour), d (day), w (week), m (month) and y (year). For example,

Built from the ground upwards with your security in mind, CIS offers 360° protection by combining powerful Antivirus protection, an enterprise class packet filtering firewall, and an advanced host intrusion prevention system called Defense+.

- Firewall: Slam the door shut on hackers and identity thieves.
- Antivirus: Track down and destroy any existing malware hiding in a PC.
- Defense+: Protects critical system files and blocks malware before it installs.
- Memory Firewall: Cutting-edge protection against sophisticated buffer overflow attacks.
- Anti-Malware: Kills malicious processes before they can do harm.

We have published and reviewed anti-virus and firewall products; this one is effective and protects you from bad guys and their malware. Tested on a Windows XP machine full of internet viruses, it managed to clean 98 % of known viruses and 70 % of modified malware. As it also has a firewall, a browser hijack was also detected but was not cleaned. Overall we were protected, and it's also free!!! So we had a soft corner for it.

Phishers are targeting Twitter users in a new attack involving direct messages sent to Twitter users containing a link to a site requesting user log-ins.

There are reports of a new phishing scam making the rounds on Twitter. The attack seeks to steal user credentials by sending tweets out with links to a phishing site. The attack site requests the user’s log-in information; once the attackers have that, they can take over the account of the victim and use it to send out more messages.

According to messages from Twitter users, the tweets with the link to the phishing site have to do with the sender supposedly making a certain amount of money. Such periodic phishing attacks on users of the popular microblogging service have become a fact of life.

I’m not exactly sure why anyone would want to steal a bunch of Twitter accounts? Perhaps to monetize them somehow with spam/affiliate schemes.

But the current threat on Twitter is a phishing scam executed via DM with a link to various things including ways to make money, a video of you or some other juicy gossip.

The cornerstones of social engineering in phishing attacks.

In May, researchers at Sophos reported that a number of Twitter users were lured to a phishing site via a tweet with the message: “check this guy out [tinyurl address leading to the attack site].” As was the case in that instance, URL shortening services are increasingly being abused by attackers to mask the Websites they are sending their victims to.

Besides drawing attackers as it has grown, Twitter has also gotten the interest of security researchers, as shown by the “Month of the Twitter Bugs.”

Twitter warned users about the attack, stating in a message: “A bit o’ phishing going on—if you get a weird direct message, don’t click on it and certainly don’t give your log-in creds!”

If you are using Twitter you should follow @spam and keep up to date with what is happening on the network.

Tuesday, September 22, 2009

- Avast: Another free Anti-Virus software. Just as good as AVG. However this one is more system intensive than AVG or NOD.
- Bitdefender: Popular anti-virus software, free of charge. (Free: NOT real-time scanning, only manual scanning)
- ClamWin: Small and non-intrusive anti-virus. Like Bitdefender. (Free: NOT real-time scanning, only manual scanning)
- AntiVir: An anti-virus that has been around for a long time – still free for home use.
- Blink: First security solution to build all of the necessary protection layers into a very lightweight package. (Contains a software Firewall)
- NOD32: The absolute BEST anti-virus protection. (I know, I clean scumware for a living). 30day trial. Or purchase.
- Kaspersky: A very sweet anti-virus software with a 30day trial. Be sure to JUST get the AV, not the full suite of bloatness.

- Ad-Aware SE: Great for getting rid of spyware and malware – the items that can cause annoying pop-ups.
- SpyBot: Similar to Ad-Aware, however more aggressive. Clean up spyware and hijack attempts.
- SpyCatcher: Active Protection. One of the most advanced antispyware solutions available as a free service.
- AVG AntiSpyware: Clean annoying malware such as spyware, Trojans and hijackers. Great complement to an anti-virus.
- MalwareBytes: Since programs like Ad-Aware have become.. crap, this is a GREAT replacement for cleaning.
- CounterSpy: Probably the best shield against spyware. The best database cleaner there is. Period. 30day trial.
- Comodo BOClean: This is more of a “real time” (runs in the background) anti-spyware. Not a fan of TSR’s, but this works.
- CWShredder: Takes care of many hijacking software – run if you get many pop-ups/redirecting pages.
- HijackThis: Tool to find out if there is “hijack” software on your system. Use the logfile analyzer if you’re not sure.
- Kill2me: Another stomper of spyware – bring it on.
- KillBox: Very nice for taking care of “Abetterinternet” and other n00bish software.
- a² free: This bridges the gap with anti-virus and malware. This free scanner cleans Trojans, worms, spyware (all malware).
- SpywareBlaster: Active prevention against spyware, adware, browser hijackers and dialers.
- HitmanPro2: Incorporates all major Anti-Spyware software and updates/runs them all for you. Too cool.
- WinDiz: Windows updates with FireFox. Great if ActiveX is damaged by spyware.

- POPfile: Perfect/Free anti-Spam tool. Involved installation, but once it’s set – it’s good.
- IHateSpam: For Exchange (V5.5, 2000 and 2003) was uniquely developed to be both user and admin-friendly. 30day trial.
- Spamihilator: Works between your E-Mail client and the net. Useless spam mails (Junk) will be filtered out.
- SpamBayes: A tool used to segregate unwanted mail (spam) from the mail you want (ham).
- SpamPal: Mail classification program that separates your spam from the mail you really want to read.
- OSpam: A great and simple spam solution for any POP account.

- Sygate: Just bought by Symantec – now it’s going to be crap. Hurry and get this before it happens.
- Tiny: Tiny is a free firewall. It is designed for the more advanced due to the heavy features included.
- Comodo: Great little personal firewall. This is pretty new and robust.
- OutPost: An Opensource based firewall. Works very well protecting against worms, trojans and hackers.
- Kerio: Smart, easy-to-use personal security technology that fully protects PCs against hackers and internal misuse. The best.
- Protowall: Very small application that blocks IP addresses. Very cool.
- Prevx: Stops the attacks that bypass anti-virus and firewall products.

- PowerCrypt 2000: Encrypted files, folders and E-mails. This free file lets you hide all your data.
- PGP: “Pretty Good Privacy”. Actually it’s probably the best encryption software out there. Free – PC/MAC
- Cryptainer LE: Secure your data and ensure absolute privacy with Cypherix’s powerful 128bit encryption.
- BitCrypt: A sophisticated tool allowing for encryption of plain text within a bitmap image.
- EasyCrypto: Encrypt both standalone files and entire folders. Many cool options here.
- Truecrypt: Free open-source disk encryption software for Windows XP/2000/2003.
- MD5HashGen: Simple application that can generate one-way MD5 hashes – Great for password generations.
- PerfectPasswords: GRC’s Ultra High Security Password Generator.
- RoboForm: A free password manager and one-click web form filler. Just be careful who uses your PC.
- Password Safe: Allows you to have a different password for all the different items that you deal with – remembers for you.
- CutePasswordManager: Form filling software that auto fills user/password. Stores info with 256-bit AES encryption – 1click login. *
- PIN’s: Storing of any secure information like passwords, accounts, PINs etc. 448 bit Blowfish. Does not install.

- Eraser: FBI just kick in the door? This little program will erase data to a level that the Dept. of Defense uses.
- KillDisk: KillDisk conforms to US Department of Defense clearing and sanitizing standard DoD 5220.22-M.
- AutoClave: Hard drive sterilization on a bootable floppy.
- SuperShredder: Shreds individual files. It’s stronger than DOD specs.
- DBAN (“Darik’s Boot and Nuke”): A self-contained boot floppy, which makes it an appropriate utility for data destruction.

- Anonymizer: Installs a small toolbar into your browser. Moves your connection to proxies around the world. Slows connection.
- Proxify.com: Spoof your IP address without installing software. The paid version is much faster.

- SpeedFan: Allows you to see your CPU temperature. Good for overclockers and modders.
- Motherboard Monitor: Like SpeedFan, reads temperature and fan RPM data – alerts you when there’s trouble.
- Si Meter: Great/free/small application that does live monitoring on system resources.
- TDIMon: Lets you monitor TCP and UDP activity on your local system.
- InterMapper: Gives a visual, real-time view of traffic flows through and between critical network devices and links.
- WinBar: A compact program that lets you monitor your system and provides easy access to frequently used controls.

- RegSupreme: Clean up the registry from old entries, speed up your system. 30day trial.
- RegSeeker: Very tiny – does not install. I have tested this and trust it. Many tweak options with it.
- RegscrubXP: A great free registry cleaner for XP. Fix those “weird issues” with Windows.
- Beclean: The complete suite of system cleaner. Registry to history – cleans many things.
- CCleaner: Removes unused and temporary files from your PC – allowing it to run faster, more efficiently and saving space.
- MyUninstaller 1.0: Uninstall anything, clean out old video drivers, uninstall programs that are not in “add/remove”.
- DriverCleaner: Made to fully clean out the drivers of ATI and NVIDIA.
- MSconfig: Get rid of startup programs that slow your PC down. This would be for Windows 2000.
- Starter: It’s better than Msconfig. Also works with Windows 2000, which is nice due to the fact that 2k doesn’t have msconfig.
- PreFetch cleaner: A pre-fetch scrubber to clean out files that are used commonly – can be corruption or spyware hiding.

- Belarc: Takes a snap-shot of a PC (hardware-software) with a full profile report. This is very handy.
- SIW: A small .exe that when run – gives you all kinds of info about your PC and software. Need this on your tools disk.
- PcpBios: Very tiny script that looks at all BIOS related information. RAM, CPU and motherboard instant info.
- EVEREST: (recently AIDA32). Like Belarc, gives full system summary of hardware and software/keys.
- SpaceMonger: A tool for keeping track of the free space on your computer. It shows a graph of files and sizes.
- IP subnet calculator: A diagnostics tool to calculate your network latency and subnet information.
- CPUid: A very small application that tells you about your specific specs. (FSB, core clock, dual channel etc.).
- PC Pitstop: A good site to check how you’re doing on fine tuning your computer. It will also help you fix your issues.
- PowerMax: Diagnostics for hard drives made by Maxtor. Download, put on a floppy or CD and test your HDD.
- MemTest86: Diagnostics for your RAM. Download, put on a floppy or CD and test your RAM.
- Monitor Asset Manager: A Plug and Play monitor information utility. Provides detailed technical information about the target display.
- ShieldsUP: Port scanning of all ports or custom scans. See how good your firewall is doing.
- BandwidthTest: Test your internet connection speed.

- TweakUI: Perfect for somebody who really wants to customize their XP. Made by Microsoft.
- X-Setup: Like TweakUI but with more functionality and options. Very slick.
- ResourceHacker: Get in and really tweak or fix Windows. Great registry GUI hacking.
- RenameRecycleBin: I made this registry value in notepad, download/double-click/”yes”/throw away, rename your recycle bin.
- Matrix Screensaver: Best (only) Matrix screensaver out on the web. Great options. Here is actual text (change name for you)
- FOOOD’s Icons: Great free icons for XP. Default is boring.
- Strokit: Advanced mouse gesture recognition engine and command processor.
- ReForce: Windows 2k and XP have an issue with Hz in games. This will allow you to set all games at a specific Hz setting.
- Keyboard Remapper: Remap your keyboard keys. Easy enough.
- ClocX: Analog clock for the desktop.
- Xpadder: Map your game pad or RC TX to keyboard keys. Works great for customized controllers.
- Alarm: A digital clock that you can set to display a message and play a sound at a time of your choice.
- AlarmClockWeatherPlus: Display satellite images and video around the globe, stay updated on current and expected weather conditions.
- Nlite: Remove or add Windows components to your Windows CD – for next time you re-install Windows.
- AutoStreamer: Just like Nlite, this is specifically for adding Service Packs to your Windows install CD’s.
- Digital Blasphemy: Probably the best wallpapers and images on the net.
- Konfabulator: Engine that lets you run little files called Widgets that can do pretty much whatever you want them to.

- File Recovery: This is free software made by PC Inspector. Really, Really nice if you lost or trashed a file and need it back.
- Smart Recovery: Recover data from flash drives: CF, SM, Thumbdrives, micro drives – etc.
- Disk Investigator: Discover all that is hidden on your computer hard disk, recover lost data.
- File Scavenger: Undelete and data recovery utility for NTFS volumes. 64KB or smaller files can be recovered with free trial.
- CDCheck: Utility for the prevention, detection and recovery of damaged files on CD-ROMs and error detection.
- Restoration: Tiny program that doesn’t install. Perfect if you trashed a file (even emptied the recycle bin) and you need it back.
- RecoverOutlookMail: A little trick for recovering those corrupted .PST files.

- FireFox: Drop Internet Explorer and get a superior browser. Check out the add-ons.
- Google Chrome: A great webkit based browser by Google. Very fast. *
- Opera: If you don’t use FireFox, use Opera. Now that it is free and Ad-free – it is now recommended.
- Safari: Apple’s web browser now for Windows. Great web browser next to Firefox.
- Reload Every: Extension for FireFox. Allows you to set reload times on your browser windows so you won’t be logged out.

- FileZilla: An FTP program that is superior to “Cute”, and is Free.
- WinSCP: Open source SFTP client for Windows using SSH and SCP protocols. Secure FTP.
- FireFTP: If you use FireFox browser (like you should be) – use this plug-in for FTP functionality in your browser.
- Hamachi: Setup two or more computers with an Internet connection into their own virtual network for direct secure communication. How-to’s
- FolderShare: Securely keep files synchronized between your devices and remotely download your files from any browser.
- LogMeIn: Easy to log into a PC from a PC, MAC or linux machine. No port forwarding involved! Just like terminal services but easier.
- Avvenu: Remote connect to your PC from another PC or any web-enabled handheld. Perfect for getting those files you forgot.
- Crossloop: Secure screen sharing utility designed for people of all technical skill levels. Basically, TightVNC but no port forwarding needed.
- TightVNC: Remote control software – see the desktop of a remote machine and control it with your local mouse and keyboard.
- RemoteDesktop: Microsoft remote desktop client side installer for older Windows versions.
- RDPortX: A small app I made to change the default 3389 port that Remote Desktop uses. Great for multiple RD servers on the same network.
- eMando: Client/server package which you can use to control and manage a computer over a LAN or the Internet.
- DirectUpdate: Get an Email of your WAN IP address changes even behind a router (for dynamic ISP’s). 60day trial ($15.00 – buy).
- DynDNS: A full list of dynamic IP administration software tools.

- CDBurner-XP Pro: Just like it sounds, burning program for Windows. Free.
- ImageBurn: A lightweight CD / DVD / HD DVD / Blu-ray burning application.
- ISORecorder: Small program to burn images of CD’s. Once installed, right click an .ISO or a ROM drive and “create CD image”.
- DeepBurner: A full featured Burning app for CD’s, DVD’s and ISO’s. Much like Nero only totally Free

Tuesday, September 15, 2009

Apart from the guidelines that have been published in various books and articles, this post will summarize the overall manual and automated techniques to simulate and test collected malware samples and their behavioral activities. Note that "malware" could be delivered in the form of a trojan, virus or worm.

Manual Toolset

These tools need to be used in conjunction with other toolsets to support in-depth analysis of malware.

Automated Online Tools

These online submission services automatically analyze the malware in a very restricted (simulated) environment, record its activities and produce results on the basis of various anti-virus/malware detections.

Monday, September 14, 2009

Nothing beats a USB port for convenience, whether you want to quickly transport a couple gigabytes of files for work, refresh the lineup on your MP3 player, or view the pictures from your recent trip to Boise. Unfortunately, USB ports also provide an overly convenient bridge for malware to creep from a portable media device onto an unsuspecting user's system. In fact, it seems nearly every client I visit these days has numerous computers carrying USB-infecting malware -- even trusted clients with otherwise stellar security histories. It's getting so bad that I'm scared to share USB keys with my clients.

The primary culprits here: Microsoft Windows' autorun and autoplay features for portable media devices (USB keys, USB hard drives, camera memory flash cards, and so on). To make users' lives easier, Microsoft coded Windows to seek and deploy autorun and autoplay files on removable media. A user connects his or her device, and the program it contains launches automatically, if so designed by the software developer. It's what allows a CD or DVD to start playing the moment it's inserted or a new software program's install routine to automatically commence.

Unfortunately, malware writers have co-opted autorun and autoplay to spread rogue code. An unsuspecting user inserts a portable media device containing the code, which is often invisible to the casual user. The malware then uses autorun and autoplay -- and maybe the desktop.ini file -- along with the hidden core malware program to pull off the overall exploit. The malware can then go on to infect the computer and network using other vectors, such as network shares, password guessing, and normal infection vectors, or it can stick to infecting removable media devices. Either way, it's not a good thing. [3]

My recommendation: Protect your systems and your network by disabling the autorun and autoplay functionalities and by educating users on how to manually launch any needed program. Disabling this functionality has become easier and easier with each new version of Windows. It can be done using Group Policy or registry edits. In many cases, you might have to install an additional software hotfix to get all the needed disabling functionality.

Specifically, to disable the autorun functionality in Vista or in Windows Server 2008, you must have security update 950582 installed (security bulletin MS08-038). To disable the autorun functionality in Windows XP, Windows Server 2003, or Windows 2000, you must have security update 950582, 967715, or 953252 installed. (See Microsoft's Web site [4] for more details. It covers what software fixes to install, if needed, and the related registry keys and group policies that can be configured.)

My friend Jesper Johansson has an excellent description [5] -- and solution discussion -- of the problem, which I highly recommend.

Even if you fix your computers, you have to be careful as to where you stick your USB device. It's truly similar to sex advice: You are sharing your USB device with every USB device that has shared the same port.

Of course, it doesn't hurt to run antimalware software, even if it isn't 100 percent accurate, configured to autoscan all autolaunching code or inserted media devices.

Also, if I share my USB key, I always look for any added autorun.inf, desktop.ini, or newly appearing executable files. I configure Windows Explorer to show all files (hidden, system, and registered extensions) so that any hidden files are shown. You can disable USB ports (or any devices or ports) physically or by using Group Policy, registry edits, or third-party software. Last, check all your removable media to make sure they haven't been silently infected and you aren't spreading the disease.
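The manual check described above (added autorun.inf, desktop.ini, or newly appearing executables in the root of a USB key) can be scripted. The following is an added example, not part of the original article: the function names, the extension list and the sample autorun.inf are constructed for illustration, and the parser is deliberately tolerant of junk lines that a strict INI parser would reject.

```python
import os
import sys

# Windows file-attribute bits as reported in os.stat().st_file_attributes.
FILE_ATTRIBUTE_HIDDEN, FILE_ATTRIBUTE_SYSTEM = 0x2, 0x4
# Assumption: a non-exhaustive set of directly launchable extensions.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

# Constructed sample autorun.inf (junk lines included on purpose).
SAMPLE_AUTORUN = """\
;junk comment
[AutoRun]
xQz81 junk line without an equals sign
OPEN=tools\\setup.exe
shell\\open\\command = tools\\setup.exe
icon=shell32.dll,4
[other]
open=ignored.exe
"""


def parse_autorun(text):
    """Return (key, command) pairs from the [autorun] section that launch something."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or line.startswith(";") or "=" not in line:
            continue  # outside [autorun], a comment, or junk without key=value
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # open= and shellexecute= run on insert; shell\<verb>\command adds a menu launcher.
        if key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command")
        ):
            commands.append((key, value))
    return commands


def read_text(path):
    """Decode autorun.inf bytes: UTF-16 when a BOM is present, single-byte otherwise."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def is_hidden(path):
    """True if the hidden or system attribute is set (always False off Windows)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & (FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM))


def snapshot(root):
    """Lower-cased names in the drive root; record this before lending the key."""
    return {name.lower() for name in os.listdir(root)}


def triage(root, baseline=None):
    """Return (file name, reason) findings for the root of a removable drive."""
    findings = []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        lower = name.lower()
        tags = []
        if is_hidden(path):
            tags.append("hidden/system attribute set")
        if baseline is not None and lower not in baseline:
            tags.append("not in baseline")
        suffix = f" ({', '.join(tags)})" if tags else ""
        if lower == "autorun.inf":
            findings.append((name, "autorun.inf present" + suffix))
            for key, value in parse_autorun(read_text(path)):
                findings.append((name, f"{key} would launch {value}"))
        elif lower == "desktop.ini":
            findings.append((name, "desktop.ini present" + suffix))
        elif os.path.splitext(lower)[1] in EXECUTABLE_EXTS:
            findings.append((name, "executable in drive root" + suffix))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python triage.py E:\
        for name, reason in triage(sys.argv[1]):
            print(f"{name}: {reason}")
    else:
        print(parse_autorun(SAMPLE_AUTORUN))
```

Take a `snapshot()` of the key before handing it over and pass it as `baseline` afterwards; only files in the drive root are inspected, so subdirectories still need a normal antimalware scan.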

Practice safe computing and disable autorun and autoplay -- so we can go back to fighting Internet-based malware.

Monday, September 7, 2009

A quick examination of the exploit showed some fancy manipulations in a highly restrictive environment that led to a “useradd” type payload. The main issue was the relatively small payload size allowed by the SITE command, which was limited to around 500 bytes.

After a bit of tinkering around, we saw that the PASSWORD field would be most suitable to shove a larger payload (bindshell). A quick replacement of the original “user add” shellcode with a secondary encoded egghunter – and a bind shell was presented to us! I wonder how long this 0day has been around… As Rel1k would say to logan_WHD… “it’s OK, it’s OK…”.

Security threats have recently gained prominent attention in media and industry reports. This article briefly examines the methodologies and approaches that most organizations follow to address security issues, giving examples, test cases, strengths and weaknesses. Today's widely known solutions involve vulnerability scanning, static code analysis, penetration testing, binary analysis, fuzzing, etc. Which of them are more or less reliable, and which can address specific types of application problems, is the main discussion here.

Many software vendors think that 'security issues' will never put them out of business, but in reality such issues do affect sales as well as market reputation. Deploying proper application security not only reassures clients but also leads to increased productivity. Let us take an example of an interesting equation:

X = Applications developed
Y = Vulnerabilities existing in those applications
Z = Cost of repair (patches and fixes)
Now: X · Y · Z = A (answer)

If 'A' is less than the cost of a third-party QA auditor, of training the developers and of conducting additional security audits, then it makes more sense to write insecure code.

Application vulnerabilities (in a broad sense) can be divided into the following sections, but are not limited to:

Each of these methods has its own strengths and weaknesses. Thus, while we cannot name the best, the more efficient and reliable method can at least be judged by looking into each specific testing process.

Automated Dynamic Testing

When disclosing application vulnerabilities with this method, complexity increases when moving from vulnerability scanning to fuzz testing.

Automated Static Testing

This method can disclose the set of vulnerabilities present in the application by examining the code (source/binary) without user interaction. Several commercial and open source tools are available to perform automated static analysis. The complexity of such tools increases from normal flaw identification to the formal verification process.

Strengths
- Assessment of low-context flaws (parameters, DB query statements, etc.)
- Automated scans require little or no human interaction
- Can get good placement during the development lifecycle

Weaknesses
- Applications whose source code is not available.
- High ratio of false positives or negatives; tuning is harder.
- Critical issues with formal verification:
  - Developing and correctly expressing a set of security invariants.
  - Developing an interpretation of the application that lends itself to proving/disproving invariants.

Use Cases
- Timely and resource-specific detection of simple flaws
- Detection of regression as a part of the development lifecycle
- False assumption of strong assurance for a critical application
- In the hands of a developer who cannot interpret or filter the results correctly

Manual Dynamic Testing

The manual dynamic assessment approach is carried out through human-navigated application usage, followed by an assurance validation process and fuzz testing. Critical background information on application design can be provided by the developers. The complexity of the manual dynamic testing process increases from common criteria and assurance validation to parameter tampering.

Strengths
- Parallel capacity in execution of tests
- Pattern recognition
- Testing the live implementation may reduce false positives
- Capable of emulating the malicious attack process

Weaknesses
- Time consuming for large and complex applications
- May involve a steep learning curve for the tester
- Test environment may not mirror production

Use Cases
- High risk applications require a highly experienced security auditor to understand and scope the attack surface
- Wrong application type or the wrong tester background
- A case where the requirements of the assessment do not match the expected risk profile of an application

Thus, the application security assessment methods mentioned above and the statistics from the "WASC Statistics Project" show that the probability of detecting high-risk vulnerabilities is higher when a combined set of methodologies is used. This combined approach is almost 12.5% higher than automated scanning (specific to web applications).

SAP simply stands for "Systems, Applications and Products in data processing". SAP, as a business solution developer, integrates a range of solutions including ERP, CRM, GRC, PLM, SCM and many more. Ease of use, implementation and market reputation have given the (German-based) company a strong basis worldwide. Deploying an SAP solution is a lengthy and complex process, which is why core security settings are often left at their defaults or unattended. This can result in serious exposure of the SAP platforms and pose a high risk to the organization.

In the specific context of the SAP platform, many auditors would like to harden the SAP authorization subsystem (roles and profiles). While hardening the authorization process and segregation of duties is considered vital, there is another aspect of security: the technical assessment of all the networked components within the SAP environment. Conducting "Penetration Testing" using an industry-proven methodology gives a clearer view of security vulnerabilities and threats in the existing infrastructure; for example, a weakness in configuration may result in business fraud. The typical steps followed in SAP Pen-Testing are:

- Discovery (Find the target)
- Enumeration (Services running on the platform)
- Vulnerability Assessment (Check for the presence of known/unknown vulnerabilities)
- Exploitation (Try to gain administrator privileges on the defined system)

The main goal is to achieve the highest possible privileges in the production environment which can be accomplished by:

It is worth mentioning that "Sapyto" is specially designed as an SAP Penetration Testing Framework to cover all aspects of the Pen-Testing methodology. And because it is developed in Python and C, it is easier to port plugins.

Countermeasures

1. Restrict connections to the SAP gateway.
2. Restrict access to shared resources, such that only internal connections are allowed.
3. Harden the configuration settings.
4. Remove/change the default user accounts.
5. Enable "SNC" to protect against eavesdropping.
6. Good password security should be enforced.
7. Access to transactions should be restricted.
8. Use SAP authorization object "S_Program" to protect report confidentiality.

A 'cloud' in a computing environment is the combination of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) components. Many of us may confuse it with the ASP (Application Service Provisioning) strategy, which is completely wrong. In simple terms, a cloud is a virtualized, dynamically scalable, shared-fabric and shared-hardware solution for its users. It avoids capital expenditure (CapEx) on purchasing expensive hardware, software and other services by renting usage from a third-party provider under an SLA (Service-Level Agreement). For more information, a cloud taxonomy is attached below.

Looking at security within the Cloud Computing domain gives a clear view of the risks involved from the consistency, interoperability, confidentiality, availability and integrity points of view, such as:

Hence, before approaching any cloud computing vendor, it's better to investigate their policies and procedures regarding the security of your company's data transactions. This can be analyzed on the following basis:

- Data segregation and use of strong encryption technology
- Data hosting location
- Recognized under industry standards and regulatory compliance
- Disaster recovery and business continuity assurance
- Privileged access control
- Availability of resources and data
- Viability of data in case the vendor goes out of business

A good cloud service can be distinguished by its agility, sustainability, cost, multi-tenancy, reliability, scalability and security. Additionally, from a security perspective, 'focused penetration testing' can protect a vendor from a false sense of security and thus save the cost of any data loss or liability issues.

A number of PHP threats and vulnerabilities have been reported during the past few years. These include file inclusion attacks, remote file upload vulnerabilities, insecure function injection (eval, create_function, preg_replace), etc. Executing malicious shellcode on vulnerable web servers is still the easier part, but it is quite challenging when it comes to "post exploitation".

Today many PHP-based web servers are hardened by default and run with low privileges. Thus, it is extremely challenging for the attacker to gain full control over the server. Let's take a brief overview of the common types of protection schemes used to harden a PHP environment:

This happens because we are unable to disable the internal "allow_call_time_pass_by_reference" function.

2. executor_globals() is the interesting target to find: it contains the list of functions/ini entries/jmp_buf, but its memory position is unknown and its structure changes with every single PHP version.

3. To execute code of the user's choice, the function dl() comes in handy, but it requires:
- platform independent library
- a writable directory
- enable_dl should be activated
- setting extension_dir to the shared library directory

4. Attacking under the x86 Linux platform:
- a PHP array leaks the pDestructor pointer, which points to the PHP code segment
- scan until we find the ELF header in memory
- once the ELF header is discovered, we can also find imported functions
- select a function which has been imported from libc (memcpy)
- from there we can look up any function within libc and access its address
- the address of the shellcode can be written and executed
- copy the shellcode into the writable text segment and execute it
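The dl() preconditions listed in item 3, turned into a configuration check (an added example, not from the original post): it reads php.ini text and reports when enable_dl is on, when dl is missing from disable_functions, or when extension_dir is world-writable. The function names and the sample file are constructed; enable_dl, disable_functions and extension_dir are the php.ini directives being checked.

```python
import os
import stat

TRUE_VALUES = {"1", "on", "yes", "true"}

# Constructed sample php.ini fragment; the path is chosen so it does not exist.
SAMPLE_INI = """\
[PHP]
; constructed sample
enable_dl = On            ; inline comment
disable_functions = exec, system , passthru
extension_dir = "/nonexistent/php/modules"
"""


def parse_ini(text):
    """Map directive -> value, last occurrence wins; sections and comments are skipped.

    Directive names are kept as written because php.ini treats them as
    case-sensitive. A ';' inside a quoted value would be cut short here,
    which is acceptable for the three directives this audit reads.
    """
    values = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        values[key] = value.strip('"')
    return values


def audit_dl(ini_text):
    """Return findings about the conditions dl() needs, as a list of strings."""
    cfg = parse_ini(ini_text)
    findings = []
    # PHP's built-in default for enable_dl is on, so a missing line counts too.
    if cfg.get("enable_dl", "1").lower() in TRUE_VALUES:
        findings.append("enable_dl is on or unset: dl() can load shared libraries at run time")
    disabled = {
        name.strip().lower()
        for name in cfg.get("disable_functions", "").split(",")
        if name.strip()
    }
    if "dl" not in disabled:
        findings.append("dl is not listed in disable_functions")
    ext_dir = cfg.get("extension_dir")
    # Mode bits are checked instead of os.access() so the result does not
    # depend on which account runs the audit.
    if ext_dir and os.path.isdir(ext_dir) and os.stat(ext_dir).st_mode & stat.S_IWOTH:
        findings.append(f"extension_dir {ext_dir} is world-writable")
    return findings


if __name__ == "__main__":
    for finding in audit_dl(SAMPLE_INI):
        print("FINDING:", finding)
```

Run it against the php.ini of each SAPI in use (web server module, CGI, CLI), since they can load different files.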